Analysis
max time kernel: 121s
max time network: 126s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 28-05-2024 23:38
Static task: static1
Behavioral task: behavioral1
  Sample: 194dff6b859603e4b0f43642b122c2c0_NeikiAnalytics.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 194dff6b859603e4b0f43642b122c2c0_NeikiAnalytics.exe
  Resource: win10v2004-20240508-en
General
Target: 194dff6b859603e4b0f43642b122c2c0_NeikiAnalytics.exe
Size: 79KB
MD5: 194dff6b859603e4b0f43642b122c2c0
SHA1: 5a930dc662e37ff02672e515136e3e3f80ba25bc
SHA256: 2a4f9b6b5fddbd74ae2518b8dc61277356e112448c9d976a9f37461155de1486
SHA512: 5217151066900ccf3bd82c21ba283d75589446fef77c2fed4690a2d8f7e07c9bf5c756fa108c717fd34ec03bff2a7495659e63bea8819cc780a0af8a7d2d20e1
SSDEEP: 1536:zvK8wXOsol+f9OQA8AkqUhMb2nuy5wgIP0CSJ+5yZB8GMGlZ5G:zvKfNoQMGdqU7uy5w9WMyZN5G
Malware Config
Signatures
Executes dropped EXE (1 IoC)
  pid   process
  2040  [email protected]

Loads dropped DLL (2 IoCs)
  pid   process
  1684  cmd.exe
  1684  cmd.exe

Suspicious use of WriteProcessMemory (8 IoCs)
  description                        pid   process                                               procid_target
  PID 2228 wrote to memory of 1684   2228  194dff6b859603e4b0f43642b122c2c0_NeikiAnalytics.exe   31
  PID 2228 wrote to memory of 1684   2228  194dff6b859603e4b0f43642b122c2c0_NeikiAnalytics.exe   31
  PID 2228 wrote to memory of 1684   2228  194dff6b859603e4b0f43642b122c2c0_NeikiAnalytics.exe   31
  PID 2228 wrote to memory of 1684   2228  194dff6b859603e4b0f43642b122c2c0_NeikiAnalytics.exe   31
  PID 1684 wrote to memory of 2040   1684  cmd.exe                                               32
  PID 1684 wrote to memory of 2040   1684  cmd.exe                                               32
  PID 1684 wrote to memory of 2040   1684  cmd.exe                                               32
  PID 1684 wrote to memory of 2040   1684  cmd.exe                                               32
Processes
C:\Users\Admin\AppData\Local\Temp\194dff6b859603e4b0f43642b122c2c0_NeikiAnalytics.exe (PID 2228)
  command line: "C:\Users\Admin\AppData\Local\Temp\194dff6b859603e4b0f43642b122c2c0_NeikiAnalytics.exe"
  signatures: Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\cmd.exe (PID 1684)
    command line: C:\Windows\system32\cmd.exe /c [email protected]
    signatures: Loads dropped DLL; Suspicious use of WriteProcessMemory
    C:\Users\Admin\AppData\Local\Temp\[email protected] (PID 2040)
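The signatures and the process tree above describe a single chain: the submitted sample in %LOCALAPPDATA%\Temp writes a second 79KB executable next to itself, runs cmd.exe /c to launch it, and cmd.exe starts the dropped file. Two details are worth reading off the report. First, each parent/child pair appears four times in the WriteProcessMemory signature, so the eight IoCs collapse to exactly the two parent->child edges shown in the tree. Second, pid 1684's image is SysWOW64\cmd.exe although the command line names system32\cmd.exe: the sample ran under WoW64, and file-system redirection mapped System32 to SysWOW64 for it. The following Python is an added worked example, not sandbox output and not part of the sample; it transcribes the IoC lines and process records from this page, collapses the duplicates into edges, rebuilds the tree, and runs a simple detection rule over it. The record field names (pid, image, cmdline) and the rule are this example's own choices, and the dropped file's name, which the page shows only as "[email protected]", is kept exactly as shown.

```python
"""Reconstruct the process tree from the WriteProcessMemory IoCs above and
flag the drop-and-execute chain this report documents.

Added worked example for this report; it is not sandbox output and is not
part of the sample. Event lines and process records are transcribed from
the Signatures and Processes sections; field names and the rule name are
this example's own. The dropped file's name is obfuscated on the page as
"[email protected]" and is left exactly so.
"""
import re

# Transcribed from "Suspicious use of WriteProcessMemory (8 IoCs)".
WPM_LINES = """
PID 2228 wrote to memory of 1684 2228 194dff6b859603e4b0f43642b122c2c0_NeikiAnalytics.exe 31
PID 2228 wrote to memory of 1684 2228 194dff6b859603e4b0f43642b122c2c0_NeikiAnalytics.exe 31
PID 2228 wrote to memory of 1684 2228 194dff6b859603e4b0f43642b122c2c0_NeikiAnalytics.exe 31
PID 2228 wrote to memory of 1684 2228 194dff6b859603e4b0f43642b122c2c0_NeikiAnalytics.exe 31
PID 1684 wrote to memory of 2040 1684 cmd.exe 32
PID 1684 wrote to memory of 2040 1684 cmd.exe 32
PID 1684 wrote to memory of 2040 1684 cmd.exe 32
PID 1684 wrote to memory of 2040 1684 cmd.exe 32
""".strip().splitlines()

# Transcribed from the Processes section. The 32-bit sample asked for
# C:\Windows\system32\cmd.exe; WoW64 file-system redirection served the
# SysWOW64 copy, which is why image and command line differ for pid 1684.
PROCESSES = [
    {"pid": 2228,
     "image": r"C:\Users\Admin\AppData\Local\Temp\194dff6b859603e4b0f43642b122c2c0_NeikiAnalytics.exe",
     "cmdline": r'"C:\Users\Admin\AppData\Local\Temp\194dff6b859603e4b0f43642b122c2c0_NeikiAnalytics.exe"'},
    {"pid": 1684,
     "image": r"C:\Windows\SysWOW64\cmd.exe",
     "cmdline": r"C:\Windows\system32\cmd.exe /c [email protected]"},
    {"pid": 2040,
     "image": r"C:\Users\Admin\AppData\Local\Temp\[email protected]",
     "cmdline": r"C:\Users\Admin\AppData\Local\Temp\[email protected]"},
]

WPM_RE = re.compile(r"^PID (\d+) wrote to memory of (\d+) \1 (\S+) (\d+)$")
TEMP_RE = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)


def parse_wpm(lines):
    """Collapse IoC lines into {(writer_pid, target_pid): (writer_image, count)}."""
    edges = {}
    for line in lines:
        m = WPM_RE.match(line.strip())
        if not m:
            raise ValueError(f"unrecognised IoC line: {line!r}")
        writer, target, image, _procid_target = m.groups()
        key = (int(writer), int(target))
        image_seen, count = edges.get(key, (image, 0))
        edges[key] = (image_seen, count + 1)
    return edges


def parent_map(edges):
    """Treat each distinct writer->target pair as a parent->child relation."""
    return {child: parent for (parent, child) in edges}


def ancestry(pid, parents):
    """Root-first chain of pids ending at `pid`."""
    chain = [pid]
    while chain[-1] in parents:
        chain.append(parents[chain[-1]])
    return chain[::-1]


def render_tree(processes, parents):
    """Indented listing, one line per process, for eyeballing."""
    lines = []
    for p in processes:
        depth = len(ancestry(p["pid"], parents)) - 1
        lines.append("  " * depth + f'{p["pid"]} {p["image"]}')
    return "\n".join(lines)


def detect_temp_cmd_chain(processes, parents):
    """Rule: exe under Temp -> cmd.exe /c -> exe under Temp (this report's chain).

    Returns (grandparent_pid, cmd_pid, child_pid) for each match.
    """
    by_pid = {p["pid"]: p for p in processes}
    hits = []
    for child in processes:
        if not TEMP_RE.search(child["image"]):
            continue
        cmd = by_pid.get(parents.get(child["pid"]))
        if cmd is None or not cmd["image"].lower().endswith("\\cmd.exe"):
            continue
        if " /c " not in cmd["cmdline"].lower():
            continue
        top = by_pid.get(parents.get(cmd["pid"]))
        if top is None or not TEMP_RE.search(top["image"]):
            continue
        hits.append((top["pid"], cmd["pid"], child["pid"]))
    return hits


if __name__ == "__main__":
    edges = parse_wpm(WPM_LINES)
    parents = parent_map(edges)
    for (writer, target), (image, n) in edges.items():
        print(f"{writer} -> {target}  {image}  ({n} WriteProcessMemory events)")
    print(render_tree(PROCESSES, parents))
    print("hits:", detect_temp_cmd_chain(PROCESSES, parents))
```

The rule is deliberately narrow: it keys on the launch path (Temp -> cmd.exe /c -> Temp) rather than on the file names, so it still fires when the dropped file is renamed, and it ignores a lone cmd.exe /c from an installer that does not itself live in Temp.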
Network
MITRE ATT&CK Matrix
Downloads
\Users\Admin\AppData\Local\Temp\[email protected]
  Filesize: 79KB
  MD5: 5a32a92f645d2cffbb42b75b46288575
  SHA1: 49efe91a2371cf43e1356e4f1a33d5e13c8f72b6
  SHA256: 35601ecc80acb900377d47803d906aa10fff406d34f947478d74a721f6113f53
  SHA512: 979a09050640c2c8402dbc68fcfeef52be838e1c25d5537e54179dc428902600bdcd1586d0f1a41a209f53d1a6a05a47e5bd4057902eee52397474a3d403bcae
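The dropped file and the submitted sample are both 79KB but carry different digests, so anyone pulling either artefact for analysis should check it against the General and Downloads values above rather than trust size or name. The following Python is an added example for this report, not sandbox output; the digests are transcribed from the two sections above, while the function names and the catalogue layout are this example's own.

```python
"""Check a local copy of a file against the digests published in this report.

Added example for this report, not part of the sandbox output. The expected
digests are transcribed from the General and Downloads sections; function
names and catalogue layout are this example's own.
"""
import hashlib
from pathlib import Path

ALGS = ("md5", "sha1", "sha256", "sha512")

# Both files are 79KB, so size alone cannot tell the dropped file from the
# submitted sample; the digests can.
REPORT_DIGESTS = {
    "194dff6b859603e4b0f43642b122c2c0_NeikiAnalytics.exe": {
        "md5": "194dff6b859603e4b0f43642b122c2c0",
        "sha1": "5a930dc662e37ff02672e515136e3e3f80ba25bc",
        "sha256": "2a4f9b6b5fddbd74ae2518b8dc61277356e112448c9d976a9f37461155de1486",
        "sha512": "5217151066900ccf3bd82c21ba283d75589446fef77c2fed4690a2d8f7e07c9b"
                  "f5c756fa108c717fd34ec03bff2a7495659e63bea8819cc780a0af8a7d2d20e1",
    },
    # Dropped file; its name is shown on the page only as "[email protected]".
    "dropped Temp\\[email protected]": {
        "md5": "5a32a92f645d2cffbb42b75b46288575",
        "sha1": "49efe91a2371cf43e1356e4f1a33d5e13c8f72b6",
        "sha256": "35601ecc80acb900377d47803d906aa10fff406d34f947478d74a721f6113f53",
        "sha512": "979a09050640c2c8402dbc68fcfeef52be838e1c25d5537e54179dc428902600"
                  "bdcd1586d0f1a41a209f53d1a6a05a47e5bd4057902eee52397474a3d403bcae",
    },
}


def digests(data: bytes) -> dict:
    """All four digests of an in-memory buffer, lower-case hex."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ALGS}


def digests_of_file(path, chunk=1 << 20) -> dict:
    """Same, streamed from disk so large samples need not be loaded whole."""
    hashers = {alg: hashlib.new(alg) for alg in ALGS}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def verify(got: dict, expected: dict) -> dict:
    """Per-algorithm match flags; accept the file only if every flag is True."""
    return {alg: got.get(alg) == value.lower() for alg, value in expected.items()}


def identify(got: dict, catalogue=REPORT_DIGESTS):
    """Name of the catalogue entry whose digests all match, else None."""
    for name, expected in catalogue.items():
        if all(verify(got, expected).values()):
            return name
    return None


if __name__ == "__main__":
    import sys
    for arg in sys.argv[1:]:
        got = digests_of_file(Path(arg))
        print(arg, "->", identify(got) or "no match in report")
```

Requiring every algorithm to match (rather than MD5 alone) costs nothing here and avoids accepting a file that was matched on a single weak digest.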